package com.smartcampusbackend.util;

import com.smartcampusbackend.model.User;
import java.util.Arrays;
import java.util.List;

/**
 * 权限控制工具类
 */
public class PermissionUtil {
    
    // 角色常量
    public static final String ROLE_ADMIN = "ADMIN";
    public static final String ROLE_TEACHER = "TEACHER";
    public static final String ROLE_STUDENT = "STUDENT";
    public static final String ROLE_STAFF = "STAFF";
    
    // 不可修改的字段（学生和教师）
    private static final List<String> STUDENT_IMMUTABLE_FIELDS = Arrays.asList(
        "id", "username", "role", "studentId", "status", "createTime", "updateTime"
    );
    
    private static final List<String> TEACHER_IMMUTABLE_FIELDS = Arrays.asList(
        "id", "username", "role", "teacherId", "status", "createTime", "updateTime"
    );
    
    // 管理员可以修改的字段
    private static final List<String> ADMIN_EDITABLE_FIELDS = Arrays.asList(
        "realName", "gender", "email", "phone", "avatar", "role", "department", 
        "major", "grade", "className", "studentId", "teacherId", "title", "subject",
        "idNumber", "address", "emergencyContact", "emergencyPhone", "status", "remark"
    );
    
    /**
     * 检查用户是否有权限修改指定字段
     * @param currentUser 当前操作用户
     * @param targetUser 目标用户
     * @param fieldName 字段名
     * @return 是否有权限
     */
    public static boolean canEditField(User currentUser, User targetUser, String fieldName) {
        // 管理员可以修改所有字段（除了系统字段）
        if (ROLE_ADMIN.equals(currentUser.getRole())) {
            return !Arrays.asList("id", "createTime", "updateTime").contains(fieldName);
        }
        
        // 用户只能修改自己的信息
        if (!currentUser.getId().equals(targetUser.getId())) {
            return false;
        }
        
        // 学生权限检查
        if (ROLE_STUDENT.equals(currentUser.getRole())) {
            return !STUDENT_IMMUTABLE_FIELDS.contains(fieldName);
        }
        
        // 教师权限检查
        if (ROLE_TEACHER.equals(currentUser.getRole())) {
            return !TEACHER_IMMUTABLE_FIELDS.contains(fieldName);
        }
        
        // 其他角色（如后勤人员）可以修改基本信息
        return !Arrays.asList("id", "username", "role", "status", "createTime", "updateTime").contains(fieldName);
    }
    
    /**
     * 检查用户是否有权限查看指定字段
     * @param currentUser 当前操作用户
     * @param targetUser 目标用户
     * @param fieldName 字段名
     * @return 是否有权限
     */
    public static boolean canViewField(User currentUser, User targetUser, String fieldName) {
        // 管理员可以查看所有字段
        if (ROLE_ADMIN.equals(currentUser.getRole())) {
            return true;
        }
        
        // 用户只能查看自己的信息
        if (!currentUser.getId().equals(targetUser.getId())) {
            return false;
        }
        
        // 敏感字段只有管理员可以查看
        List<String> sensitiveFields = Arrays.asList("password", "idNumber");
        if (sensitiveFields.contains(fieldName)) {
            return ROLE_ADMIN.equals(currentUser.getRole());
        }
        
        return true;
    }
    
    /**
     * 检查用户是否有权限查看用户列表
     * @param currentUser 当前操作用户
     * @return 是否有权限
     */
    public static boolean canViewUserList(User currentUser) {
        return ROLE_ADMIN.equals(currentUser.getRole()) || 
               ROLE_TEACHER.equals(currentUser.getRole());
    }
    
    /**
     * 检查用户是否有权限创建用户
     * @param currentUser 当前操作用户
     * @return 是否有权限
     */
    public static boolean canCreateUser(User currentUser) {
        return ROLE_ADMIN.equals(currentUser.getRole());
    }
    
    /**
     * 检查用户是否有权限删除用户
     * @param currentUser 当前操作用户
     * @param targetUser 目标用户
     * @return 是否有权限
     */
    public static boolean canDeleteUser(User currentUser, User targetUser) {
        // 只有管理员可以删除用户
        if (!ROLE_ADMIN.equals(currentUser.getRole())) {
            return false;
        }
        
        // 不能删除自己
        if (currentUser.getId().equals(targetUser.getId())) {
            return false;
        }
        
        // 不能删除其他管理员
        if (ROLE_ADMIN.equals(targetUser.getRole())) {
            return false;
        }
        
        return true;
    }
    
    /**
     * 过滤用户信息，只返回有权限查看的字段
     * @param currentUser 当前操作用户
     * @param targetUser 目标用户
     * @return 过滤后的用户信息
     */
    public static User filterUserInfo(User currentUser, User targetUser) {
        User filteredUser = new User();
        
        // 复制基本信息
        filteredUser.setId(targetUser.getId());
        filteredUser.setUsername(targetUser.getUsername());
        filteredUser.setRealName(targetUser.getRealName());
        filteredUser.setRole(targetUser.getRole());
        filteredUser.setStatus(targetUser.getStatus());
        filteredUser.setCreateTime(targetUser.getCreateTime());
        filteredUser.setUpdateTime(targetUser.getUpdateTime());
        
        // 根据权限过滤字段
        if (canViewField(currentUser, targetUser, "email")) {
            filteredUser.setEmail(targetUser.getEmail());
        }
        if (canViewField(currentUser, targetUser, "phone")) {
            filteredUser.setPhone(targetUser.getPhone());
        }
        if (canViewField(currentUser, targetUser, "avatar")) {
            filteredUser.setAvatar(targetUser.getAvatar());
        }
        if (canViewField(currentUser, targetUser, "gender")) {
            filteredUser.setGender(targetUser.getGender());
        }
        if (canViewField(currentUser, targetUser, "department")) {
            filteredUser.setDepartment(targetUser.getDepartment());
        }
        if (canViewField(currentUser, targetUser, "major")) {
            filteredUser.setMajor(targetUser.getMajor());
        }
        if (canViewField(currentUser, targetUser, "grade")) {
            filteredUser.setGrade(targetUser.getGrade());
        }
        if (canViewField(currentUser, targetUser, "className")) {
            filteredUser.setClassName(targetUser.getClassName());
        }
        if (canViewField(currentUser, targetUser, "studentId")) {
            filteredUser.setStudentId(targetUser.getStudentId());
        }
        if (canViewField(currentUser, targetUser, "teacherId")) {
            filteredUser.setTeacherId(targetUser.getTeacherId());
        }
        if (canViewField(currentUser, targetUser, "title")) {
            filteredUser.setTitle(targetUser.getTitle());
        }
        if (canViewField(currentUser, targetUser, "subject")) {
            filteredUser.setSubject(targetUser.getSubject());
        }
        if (canViewField(currentUser, targetUser, "address")) {
            filteredUser.setAddress(targetUser.getAddress());
        }
        if (canViewField(currentUser, targetUser, "emergencyContact")) {
            filteredUser.setEmergencyContact(targetUser.getEmergencyContact());
        }
        if (canViewField(currentUser, targetUser, "emergencyPhone")) {
            filteredUser.setEmergencyPhone(targetUser.getEmergencyPhone());
        }
        if (canViewField(currentUser, targetUser, "remark")) {
            filteredUser.setRemark(targetUser.getRemark());
        }
        
        return filteredUser;
    }

    /**
     * 检查用户是否有权限批量导入用户
     * @param currentUser 当前操作用户
     * @return 是否有权限
     */
    public static boolean canImportUsers(User currentUser) {
        return ROLE_ADMIN.equals(currentUser.getRole());
    }

    /**
     * 检查用户是否有权限查看用户统计信息
     * @param currentUser 当前操作用户
     * @return 是否有权限
     */
    public static boolean canViewUserStats(User currentUser) {
        return ROLE_ADMIN.equals(currentUser.getRole()) ||
                ROLE_TEACHER.equals(currentUser.getRole());
    }

    /**
     * 检查用户是否有权限重置用户密码
     * @param currentUser 当前操作用户
     * @param targetUser 目标用户
     * @return 是否有权限
     */
    public static boolean canResetPassword(User currentUser, User targetUser) {
        // 只有管理员可以重置密码
        if (!ROLE_ADMIN.equals(currentUser.getRole())) {
            return false;
        }

        // 不能重置自己的密码（通过忘记密码功能）
        if (currentUser.getId().equals(targetUser.getId())) {
            return false;
        }

        return true;
    }
} 